SlideShare a Scribd company logo

DevOps Security for Good

Download as PPTX, PDF
Francisco Donoso
Francisco Donoso

Development methodologies like Agile teach developers to make small and quick improvements to code to get features into production quickly. SAAS and web scale companies now push updated code to production using tools such as Jenkins and Chef more than ten times a day. This means that while we get updated features and software delivered faster, there is a side effect of security issues being introduced into production quicker than ever. In this talk we’ll explore why security professionals should embrace the very same DevOps tools like Jenkins, Chef, Puppet, etc. to automate security checks and remediation on code and automated infrastructure.

Technology
1 of 64
DevOps, Agile, $buzzword and How the hell to secure them By: Francisco Donoso
What are you talking about? ● What hell are Devops, Agile, and $INSERT_BUZZWORD_HERE ● What kind of challenges do these methodologies present to security folks ● How to use these tools to your advantage ○ Config management suites 101 ○ Automated security scans when code is committed ● Cats
Who are you anyway? ● Have done the security analyst / security engineer thing ● Have done the security consulting thing ● MSS Architect leading a team of Security Engineers and Software Devs ● DevOps Security Engineer at: We’re hiring!
Days of old
Dev VS Ops
1. Weeks writing code 2. Weeks “testing” code Dev VS Ops
Ship it! 1. Weeks writing code 2. Weeks “testing” code 3. Hand it over the ops team for deployment Dev VS Ops
1. Weeks writing code 2. Weeks “testing” code 3. Hand it over the ops team for deployment Dev VS Ops 4. Get out of the office as quickly as possible
1. Weeks writing code 2. Weeks “testing” code 3. Hand it over the ops team for deployment 4. Get out of the office as quickly as possible Dev VS Ops 5. Deployment is a complete train wreck
Dev VS Ops 1. Weeks writing code 2. Weeks “testing” code 3. Hand it over the ops team for deployment 4. Get out of the office as quickly as possible 5. Deployment is a complete train wreck 6. Blame
Dev VS Ops 1. Weeks writing code 2. Weeks “testing” code 3. Hand it over the ops team for deployment 4. Get out of the office as quickly as possible 5. Deployment is a complete train wreck 6. Blame 7. Roll back….
What is Agile?
Agile Development Methodology
Agile Development Methodology ● Frequent changes to production ● New features (new code!!!) being introduced every sprint (often weekly) ● Less time for QA / Security review
Intro to DevOps
DevOps 101 DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from inception to deployment. Operations staff making use many of the same techniques & tools as developers for their systems work.
DevOps 101
DevOps Tool Belt
Continuous Integration
Continuous Delivery Dev Stage “Canary” Prod
Server management
Days of old Billy Susie Evan
Horizontal scaling
Config Management / Orchestration
“Infrastructure as code” Easy to identify changes in production configurations
“Infrastructure as code” Version-able, Repeatable, Testable Consistency - Ensure that your server builds meet security requirements. Makes life easier - Automate repeated tasks Change Management - “Code” review and be less scared of change! (patching anyone..? Bueller? Bueller?) DR is easier!
How the big boys do it Etsy: Average 25 deploys per day Amazon: Well….
Agile + DevOps = ?
How to secure this stuff
Config Management for good ● Base security configs ● Centralized logging & auth ● Host based firewall rules ● Automated Vuln Scans ● Easier Patching
Taking a step back..Config Management Roles: ● Web Server ● Database Server ● Mail Server Environments: ● Production ● Staging ● Development
Automate security Configure a base hardened config that is used everywhere Configure centralized auth Configure centralized logging FOR ALL THE THINGS Configure host based firewalls per role & environment Quickly mitigate insecure configurations
Example Time Write a recipe to install and configure rsyslog to send auth logs to centralized logging servers
Automatically logging all the things 1.Automatically install rsyslog 2.Automatically write a configuration file with custom “destination” log server based on the “nodes” environment 3.Start the service 4.Profit (from logs...yeah...logs)
Node Attributes Attribute Name Attribute Value
Installing rsyslog with Chef 1 2 1.For the package named “rsyslog”: 2.Install it
1.Write the rsyslog config file 2.Use the ruby template file as the source 3.Replace the “logserver” variable in the template with the proper log server based on environment Write a custom rsyslog config file 1 2 3
Enable and start the service 1 2 1.For the service named “rsyslog”: 2.Enable it during boot & start it immediately
Putting it all together (recipe)
Continuing with our base_server recipe
Attribute precedence 1.Role 2.Environment 3.Recipe
Node Attributes Attribute Name Attribute Value Environment Attribute
Remove unused packages 1 2 3 1.List of packages to remove saved as a “node” attribute 2.For each package in the list: 3.Remove the package
Make it easier for later 1 2 3 1.List of packages to upgrade and their versions saved as a “node” attribute 2.Upgrade the package: 3.To the specified version
Making security convenient
Put Security on ALL THE THINGS NodeJS_server base_server $APP_server MySQL_server NGINX_server
Demo Time
Firewalling in a DevOps World
Database VLANDMZ Traditional Firewalling
Database VLANDMZ Traditional Firewalling
DMZ Traditional Firewalling Database VLAN
Networks @ Scale
Datacenter network Networks @ Scale
1.Find all nodes with a role of “web_server” 2.For each node in the “webnodes” variable: 3.Add a simple iptables rule to allow inbound to MySQL 4.Replace the source with the value for of that web servers IP Address Automatically generate firewall rules 3 1 2 4
Let’s take a step back Testing: ● Unit ● Integration ● Regression ● Security CI System
How CI does its thing Dev Cat Code Repo CI System Did you commit yet? Did you commit yet? Did you commit yet?
How CI does its thing CI System ohhh a commit! 1.Compile the source (if needed) I’m a VM! Build Agent Run tests 2.Spin up VM / container 3.Deploy code 4.Run tests 5.Profit!
1.NMAP 2.Vulnerability scans 3.OWASP ZAP scans 4.Static code analysis Automatic Security testing
Infrastructure is code Test Like It
Chef Recipe Testing I’m a VM! Test Kitchen
1 2 3 Chef Recipe Testing
Chef Recipe Testing I’m a Cheff’d VM! Test Kitchen Vulnerability Scanner1 2
What we covered ● Intro to Agile & Devops ● How we NEED to automate to properly secure our infrastructure & code ● Config management suites 101 ○ Build a base server config that is used everywhere ● Automated security tests
THANKS FOR LISTENING Q A& I’ll try to answer questions now Q&A Session @Francisckrs Francisco Donoso Francisck

Recommended

Devops journey chefpopup-2016.04.26-v2
Devops journey chefpopup-2016.04.26-v2Devops journey chefpopup-2016.04.26-v2
Devops journey chefpopup-2016.04.26-v2
Chef
 
Chef Hack Day Denver
Chef Hack Day Denver Chef Hack Day Denver
Chef Hack Day Denver
Chef
 
Chef Workflow Demo
Chef Workflow DemoChef Workflow Demo
Chef Workflow Demo
Chef
 
Application Automation with Habitat
Application Automation with HabitatApplication Automation with Habitat
Application Automation with Habitat
Chef
 
Achieving DevOps Success with Chef Automate
Achieving DevOps Success with Chef AutomateAchieving DevOps Success with Chef Automate
Achieving DevOps Success with Chef Automate
Chef
 
Continuous Happiness by Continuous Delivery
Continuous Happiness by Continuous DeliveryContinuous Happiness by Continuous Delivery
Continuous Happiness by Continuous Delivery
Sergejus Barinovas
 
Compliance Automation with Inspec Part 4
Compliance Automation with Inspec Part 4Compliance Automation with Inspec Part 4
Compliance Automation with Inspec Part 4
Chef
 
Chef Automate Workflow Demo
Chef Automate Workflow DemoChef Automate Workflow Demo
Chef Automate Workflow Demo
Chef
 

Recommended

Devops journey chefpopup-2016.04.26-v2
Devops journey chefpopup-2016.04.26-v2Devops journey chefpopup-2016.04.26-v2
Devops journey chefpopup-2016.04.26-v2
Chef
 
Chef Hack Day Denver
Chef Hack Day Denver Chef Hack Day Denver
Chef Hack Day Denver
Chef
 
Chef Workflow Demo
Chef Workflow DemoChef Workflow Demo
Chef Workflow Demo
Chef
 
Application Automation with Habitat
Application Automation with HabitatApplication Automation with Habitat
Application Automation with Habitat
Chef
 
Achieving DevOps Success with Chef Automate
Achieving DevOps Success with Chef AutomateAchieving DevOps Success with Chef Automate
Achieving DevOps Success with Chef Automate
Chef
 
Continuous Happiness by Continuous Delivery
Continuous Happiness by Continuous DeliveryContinuous Happiness by Continuous Delivery
Continuous Happiness by Continuous Delivery
Sergejus Barinovas
 
Compliance Automation with Inspec Part 4
Compliance Automation with Inspec Part 4Compliance Automation with Inspec Part 4
Compliance Automation with Inspec Part 4
Chef
 
Chef Automate Workflow Demo
Chef Automate Workflow DemoChef Automate Workflow Demo
Chef Automate Workflow Demo
Chef
 
Three amigos: Bitbucket + Jenkins + Docker
Three amigos: Bitbucket + Jenkins + DockerThree amigos: Bitbucket + Jenkins + Docker
Three amigos: Bitbucket + Jenkins + Docker
Daniel Gordillo
 
Compliance Automation with Inspec Part 2
Compliance Automation with Inspec Part 2Compliance Automation with Inspec Part 2
Compliance Automation with Inspec Part 2
Chef
 
Nike popup compliance workshop
Nike popup compliance workshopNike popup compliance workshop
Nike popup compliance workshop
Chef
 
Seminar continuous delivery 19092013
Seminar continuous delivery 19092013Seminar continuous delivery 19092013
Seminar continuous delivery 19092013
Joris De Winne
 
Microservices Practitioner Summit Jan '15 - Maximizing Developer Productivity...
Microservices Practitioner Summit Jan '15 - Maximizing Developer Productivity...Microservices Practitioner Summit Jan '15 - Maximizing Developer Productivity...
Microservices Practitioner Summit Jan '15 - Maximizing Developer Productivity...
Ambassador Labs
 
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as CodeDevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
Matt Ray
 
InSpec Workshop DevSecCon 2017
InSpec Workshop DevSecCon 2017InSpec Workshop DevSecCon 2017
InSpec Workshop DevSecCon 2017
Mandi Walls
 
London Community Summit 2016 - Fresh New Chef Stuff
London Community Summit 2016 - Fresh New Chef StuffLondon Community Summit 2016 - Fresh New Chef Stuff
London Community Summit 2016 - Fresh New Chef Stuff
Chef
 
HandsOn TestDriven Infrastructure As Code Development
HandsOn TestDriven Infrastructure As Code DevelopmentHandsOn TestDriven Infrastructure As Code Development
HandsOn TestDriven Infrastructure As Code Development
pingworks
 
InSpec at DevOps ATL Meetup January 22, 2020
InSpec at DevOps ATL Meetup January 22, 2020InSpec at DevOps ATL Meetup January 22, 2020
InSpec at DevOps ATL Meetup January 22, 2020
Mandi Walls
 
PuppetConf 2016 Customer Keynote: Cloud, Containers & the Impact on IT - Jeff...
PuppetConf 2016 Customer Keynote: Cloud, Containers & the Impact on IT - Jeff...PuppetConf 2016 Customer Keynote: Cloud, Containers & the Impact on IT - Jeff...
PuppetConf 2016 Customer Keynote: Cloud, Containers & the Impact on IT - Jeff...
Puppet
 
DevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat IgniteDevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat Ignite
Matt Ray
 
Scaling Jenkins
Scaling Jenkins Scaling Jenkins
Scaling Jenkins
Udaypal Aarkoti
 
Adding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpecAdding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpec
Mandi Walls
 
Jenkins - From Continuous Integration to Continuous Delivery
Jenkins - From Continuous Integration to Continuous DeliveryJenkins - From Continuous Integration to Continuous Delivery
Jenkins - From Continuous Integration to Continuous Delivery
Virendra Bhalothia
 
Introduction to Continuous Integration with Jenkins
Introduction to Continuous Integration with JenkinsIntroduction to Continuous Integration with Jenkins
Introduction to Continuous Integration with Jenkins
Brice Argenson
 
Standardizing Jenkins with CloudBees Jenkins Team
Standardizing Jenkins with CloudBees Jenkins TeamStandardizing Jenkins with CloudBees Jenkins Team
Standardizing Jenkins with CloudBees Jenkins Team
Deborah Schalm
 
Automating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore MeetupAutomating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore Meetup
Matt Ray
 
InSpec - June 2018 at Open28.be
InSpec - June 2018 at Open28.beInSpec - June 2018 at Open28.be
InSpec - June 2018 at Open28.be
Mandi Walls
 
Inspec: Turn your compliance, security, and other policy requirements into au...
Inspec: Turn your compliance, security, and other policy requirements into au...Inspec: Turn your compliance, security, and other policy requirements into au...
Inspec: Turn your compliance, security, and other policy requirements into au...
Kangaroot
 
Integrating security into the application development process
Integrating security into the application development processIntegrating security into the application development process
Integrating security into the application development process
Jerod Brennen
 
Integrating security into Continuous Delivery
Integrating security into Continuous DeliveryIntegrating security into Continuous Delivery
Integrating security into Continuous Delivery
Tom Stiehm
 

More Related Content

What's hot

HandsOn TestDriven Infrastructure As Code Development
HandsOn TestDriven Infrastructure As Code DevelopmentHandsOn TestDriven Infrastructure As Code Development
HandsOn TestDriven Infrastructure As Code Development
pingworks
 
Standardizing Jenkins with CloudBees Jenkins Team
Standardizing Jenkins with CloudBees Jenkins TeamStandardizing Jenkins with CloudBees Jenkins Team
Standardizing Jenkins with CloudBees Jenkins Team
Deborah Schalm
 
Inspec: Turn your compliance, security, and other policy requirements into au...
Inspec: Turn your compliance, security, and other policy requirements into au...Inspec: Turn your compliance, security, and other policy requirements into au...
Inspec: Turn your compliance, security, and other policy requirements into au...
Kangaroot
 

What's hot (20)

Three amigos: Bitbucket + Jenkins + Docker
Three amigos: Bitbucket + Jenkins + DockerThree amigos: Bitbucket + Jenkins + Docker
Three amigos: Bitbucket + Jenkins + Docker
 
Compliance Automation with Inspec Part 2
Compliance Automation with Inspec Part 2Compliance Automation with Inspec Part 2
Compliance Automation with Inspec Part 2
 
Nike popup compliance workshop
Nike popup compliance workshopNike popup compliance workshop
Nike popup compliance workshop
 
Seminar continuous delivery 19092013
Seminar continuous delivery 19092013Seminar continuous delivery 19092013
Seminar continuous delivery 19092013
 
Microservices Practitioner Summit Jan '15 - Maximizing Developer Productivity...
Microservices Practitioner Summit Jan '15 - Maximizing Developer Productivity...Microservices Practitioner Summit Jan '15 - Maximizing Developer Productivity...
Microservices Practitioner Summit Jan '15 - Maximizing Developer Productivity...
 
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as CodeDevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
 
InSpec Workshop DevSecCon 2017
InSpec Workshop DevSecCon 2017InSpec Workshop DevSecCon 2017
InSpec Workshop DevSecCon 2017
 
London Community Summit 2016 - Fresh New Chef Stuff
London Community Summit 2016 - Fresh New Chef StuffLondon Community Summit 2016 - Fresh New Chef Stuff
London Community Summit 2016 - Fresh New Chef Stuff
 
HandsOn TestDriven Infrastructure As Code Development
HandsOn TestDriven Infrastructure As Code DevelopmentHandsOn TestDriven Infrastructure As Code Development
HandsOn TestDriven Infrastructure As Code Development
 
InSpec at DevOps ATL Meetup January 22, 2020
InSpec at DevOps ATL Meetup January 22, 2020InSpec at DevOps ATL Meetup January 22, 2020
InSpec at DevOps ATL Meetup January 22, 2020
 
PuppetConf 2016 Customer Keynote: Cloud, Containers & the Impact on IT - Jeff...
PuppetConf 2016 Customer Keynote: Cloud, Containers & the Impact on IT - Jeff...PuppetConf 2016 Customer Keynote: Cloud, Containers & the Impact on IT - Jeff...
PuppetConf 2016 Customer Keynote: Cloud, Containers & the Impact on IT - Jeff...
 
DevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat IgniteDevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat Ignite
 
Scaling Jenkins
Scaling Jenkins Scaling Jenkins
Scaling Jenkins
 
Adding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpecAdding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpec
 
Jenkins - From Continuous Integration to Continuous Delivery
Jenkins - From Continuous Integration to Continuous DeliveryJenkins - From Continuous Integration to Continuous Delivery
Jenkins - From Continuous Integration to Continuous Delivery
 
Introduction to Continuous Integration with Jenkins
Introduction to Continuous Integration with JenkinsIntroduction to Continuous Integration with Jenkins
Introduction to Continuous Integration with Jenkins
 
Standardizing Jenkins with CloudBees Jenkins Team
Standardizing Jenkins with CloudBees Jenkins TeamStandardizing Jenkins with CloudBees Jenkins Team
Standardizing Jenkins with CloudBees Jenkins Team
 
Automating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore MeetupAutomating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore Meetup
 
InSpec - June 2018 at Open28.be
InSpec - June 2018 at Open28.beInSpec - June 2018 at Open28.be
InSpec - June 2018 at Open28.be
 
Inspec: Turn your compliance, security, and other policy requirements into au...
Inspec: Turn your compliance, security, and other policy requirements into au...Inspec: Turn your compliance, security, and other policy requirements into au...
Inspec: Turn your compliance, security, and other policy requirements into au...
 

Viewers also liked

Integrating security into the application development process
Integrating security into the application development processIntegrating security into the application development process
Integrating security into the application development process
Jerod Brennen
 
Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...
Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...
Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...
Christian Schneider
 
Automated Security Testing
Automated Security TestingAutomated Security Testing
Automated Security Testing
seleniumconf
 
Web Application Security Reloaded for the HTML5 era
Web Application Security Reloaded for the HTML5 eraWeb Application Security Reloaded for the HTML5 era
Web Application Security Reloaded for the HTML5 era
Carlo Bonamico
 
Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...
Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...
Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...
Christian Schneider
 

Viewers also liked (17)

Integrating security into the application development process
Integrating security into the application development processIntegrating security into the application development process
Integrating security into the application development process
 
Integrating security into Continuous Delivery
Integrating security into Continuous DeliveryIntegrating security into Continuous Delivery
Integrating security into Continuous Delivery
 
L'open source dans les nouvelles architectures web
L'open source dans les nouvelles architectures webL'open source dans les nouvelles architectures web
L'open source dans les nouvelles architectures web
 
Infrastructure as Data with Ansible for easier Continuous Delivery
Infrastructure as Data with Ansible for easier Continuous DeliveryInfrastructure as Data with Ansible for easier Continuous Delivery
Infrastructure as Data with Ansible for easier Continuous Delivery
 
Integrated Security & Operations for Scaling Securely in AWS
Integrated Security & Operations for Scaling Securely in AWSIntegrated Security & Operations for Scaling Securely in AWS
Integrated Security & Operations for Scaling Securely in AWS
 
Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...
Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...
Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...
 
Rugged DevOps: Bridging Security and DevOps
Rugged DevOps: Bridging Security and DevOpsRugged DevOps: Bridging Security and DevOps
Rugged DevOps: Bridging Security and DevOps
 
Automated Security Testing
Automated Security TestingAutomated Security Testing
Automated Security Testing
 
Continuous Security Testing in a Devops World #OWASPHelsinki
Continuous Security Testing in a Devops World #OWASPHelsinkiContinuous Security Testing in a Devops World #OWASPHelsinki
Continuous Security Testing in a Devops World #OWASPHelsinki
 
Web Application Security Reloaded for the HTML5 era
Web Application Security Reloaded for the HTML5 eraWeb Application Security Reloaded for the HTML5 era
Web Application Security Reloaded for the HTML5 era
 
Continuous Security: Zap security bugs now Codemotion-2015
Continuous Security: Zap security bugs now Codemotion-2015Continuous Security: Zap security bugs now Codemotion-2015
Continuous Security: Zap security bugs now Codemotion-2015
 
Automating security tests for Continuous Integration
Automating security tests for Continuous IntegrationAutomating security tests for Continuous Integration
Automating security tests for Continuous Integration
 
Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...
Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...
Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...
 
Continuous Security Testing with Devops - OWASP EU 2014
Continuous Security Testing with Devops - OWASP EU 2014Continuous Security Testing with Devops - OWASP EU 2014
Continuous Security Testing with Devops - OWASP EU 2014
 
Continuous Security Testing - DevSecCon
Continuous Security Testing - DevSecConContinuous Security Testing - DevSecCon
Continuous Security Testing - DevSecCon
 
Introduction to Security Vulnerabilities
Introduction to Security VulnerabilitiesIntroduction to Security Vulnerabilities
Introduction to Security Vulnerabilities
 
Les tests de securite devops
Les tests de securite devopsLes tests de securite devops
Les tests de securite devops
 

Similar to DevOps Security for Good

Successfully Implementing DEV-SEC-OPS in the Cloud
Successfully Implementing DEV-SEC-OPS in the CloudSuccessfully Implementing DEV-SEC-OPS in the Cloud
Successfully Implementing DEV-SEC-OPS in the Cloud
Amazon Web Services
 
Trusting the Unknown
Trusting the UnknownTrusting the Unknown
Trusting the Unknown
Jesse Houwing
 
Trusting the Unknown
Trusting the UnknownTrusting the Unknown
Trusting the Unknown
ssuser37f369
 

Similar to DevOps Security for Good (20)

Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaStrengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
 
Strengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or lessStrengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or less
 
Scale security for a dollar or less
Scale security for a dollar or lessScale security for a dollar or less
Scale security for a dollar or less
 
Security as Code: DOES15
Security as Code: DOES15Security as Code: DOES15
Security as Code: DOES15
 
Devops : Automate Your Infrastructure with Puppet
Devops : Automate Your Infrastructure with PuppetDevops : Automate Your Infrastructure with Puppet
Devops : Automate Your Infrastructure with Puppet
 
Successfully Implementing DEV-SEC-OPS in the Cloud
Successfully Implementing DEV-SEC-OPS in the CloudSuccessfully Implementing DEV-SEC-OPS in the Cloud
Successfully Implementing DEV-SEC-OPS in the Cloud
 
Tour of Azure DevOps
Tour of Azure DevOpsTour of Azure DevOps
Tour of Azure DevOps
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..
 
Overcoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsOvercoming Security Challenges in DevOps
Overcoming Security Challenges in DevOps
 
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
 
Devops
DevopsDevops
Devops
 
OSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspecOSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspec
 
Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)
 
What DevOps Isn't
What DevOps Isn'tWhat DevOps Isn't
What DevOps Isn't
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps Sec
 
Azure DevOps in Action
Azure DevOps in ActionAzure DevOps in Action
Azure DevOps in Action
 
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi WallsOSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
 
Trusting the Unknown
Trusting the UnknownTrusting the Unknown
Trusting the Unknown
 
Trusting the Unknown
Trusting the UnknownTrusting the Unknown
Trusting the Unknown
 
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsDevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOps
 

Recently uploaded

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Recently uploaded (20)

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

DevOps Security for Good